OWASP Top 10 2012

Posted on Nov 21, 2012 in Security Blog

What is OWASP?

OWASP stands for Open Web Application Security Project. It is an open-source collaboration that gathers web security tools, technologies and methodologies from industry leaders, educational organisations and individuals around the world. The aim of OWASP is simple: give people a clear, useful set of tools and documents for understanding web application security so they can better protect themselves online. The OWASP Top 10 for 2012 has not yet been published, but it will likely follow the same principal categories as the previous year's results.

What is OWASP Top 10?

OWASP collects data from successful web application attacks and uses it to produce the OWASP Top 10 statistics. The OWASP Top 10 lists the ten most common classes of web attack seen over the year by security experts and community contributors to the project.

Current OWASP Top 10

A1 – Injection
A2 – Cross Site Scripting (XSS)
A3 – Broken Authentication and Session Management
A4 – Insecure Direct Object References
A5 – Cross Site Request Forgery (CSRF)
A6 – Security Misconfiguration
A7 – Insecure Cryptographic Storage
A8 – Failure to Restrict URL Access
A9 – Insufficient Transport Layer Protection
A10 – Unvalidated Redirects and Forwards

What does this mean for you?

The vulnerabilities listed above account for the majority of common web application security breaches. Here are some statistics that should make you think about getting a website security testing service from Security Audit Systems.

- An estimated 77 million user accounts were compromised by an external hacker on the Sony PlayStation Network.
- In 2008, $1 trillion worth of intellectual property was stolen, according to a McAfee report.
- It takes 10 minutes to crack a 6-character lowercase password with no numbers or symbols.
- 73% of all Americans have fallen victim to some form of cybercrime, according to a Symantec study.
- On average it takes 156 days before a computer or network compromise is even detected.
- 90% of businesses suffered some sort of computer hack in the last 12 months, according to a study by Ponemon Research on behalf of Juniper Networks.
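The "10 minutes for a 6-character lowercase password" figure is a single data point, but it implies a guess rate, and that rate is what a password policy has to reason about. The following added example (not from the original post or from Security Audit Systems) derives the implied rate from the post's numbers and projects the worst-case exhaustive-search time for other lengths and character classes at that same rate. The character-class labels and the assumption that the attacker tries every candidate at a constant rate are constructed for illustration; real rates vary by orders of magnitude with the hash algorithm in use, which is exactly why A7 (Insecure Cryptographic Storage) matters: a slow, salted password hash such as bcrypt cuts the attacker's guess rate, a fast unsalted hash does not.

```python
import string

# Character classes a password policy can require. Labels are constructed
# for this example; the sizes (26, 36, 52, 62, 94) follow from the ASCII sets.
CHARSETS = {
    "lowercase": string.ascii_lowercase,
    "lowercase+digits": string.ascii_lowercase + string.digits,
    "mixed": string.ascii_letters,
    "mixed+digits": string.ascii_letters + string.digits,
    "mixed+digits+symbols": string.ascii_letters + string.digits + string.punctuation,
}

# The post states a 6-character lowercase password falls in 10 minutes.
# Everything below treats that as an exhaustive search and derives the
# guess rate from it. That rate is an assumption inferred from the post,
# not a measured benchmark.
STATED_LENGTH = 6
STATED_SECONDS = 10 * 60


def keyspace(charset: str, length: int) -> int:
    """Number of distinct passwords of exactly `length` drawn from `charset`."""
    return len(CHARSETS[charset]) ** length


def implied_guess_rate() -> float:
    """Guesses per second needed to exhaust 26^6 in the post's 10 minutes."""
    return keyspace("lowercase", STATED_LENGTH) / STATED_SECONDS


def seconds_to_exhaust(charset: str, length: int, rate: float) -> float:
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(charset, length) / rate


def human_duration(seconds: float) -> str:
    """Render a number of seconds as the largest convenient unit, e.g. '10.0 minutes'."""
    # (unit name, how many of this unit make one of the next unit)
    units = (("seconds", 60), ("minutes", 60), ("hours", 24), ("days", 365), ("years", None))
    value = seconds
    for name, step in units:
        if step is None or value < step:
            return f"{value:.1f} {name}"
        value /= step
    return f"{value:.1f} years"  # unreachable, kept for type completeness


def policy_table(rate: float, lengths=(6, 8, 10, 12)):
    """Exhaustive-search time for every charset/length pair at the given rate."""
    rows = []
    for name in CHARSETS:
        for n in lengths:
            rows.append((name, n, seconds_to_exhaust(name, n, rate)))
    return rows


if __name__ == "__main__":
    rate = implied_guess_rate()
    print(f"implied rate: {rate:,.0f} guesses/s")
    for name, n, secs in policy_table(rate):
        print(f"{name:22s} length={n:2d}  {human_duration(secs)}")
```

At the rate implied by the post (roughly half a million guesses per second), an 8-character password drawn from upper case, lower case and digits would take over a decade to exhaust, which is the practical argument for minimum length and character-class rules. The table is a worst case: dictionary and pattern attacks find weak passwords far faster than exhaustive search, so length and complexity rules are a complement to slow hashing and breach monitoring, not a substitute.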


If you are concerned about your business's online presence and feel it would benefit from a website penetration test, please contact us for a free quotation.
